Cloned Boy
Professional
- Messages
- 1,228
- Reaction score
- 994
- Points
- 113
This advanced technical guide explains the cryptographic foundations of EMV's ARQC/ARPC system, focusing on TDES (Triple DES), AES, and session key derivation — the core mechanisms that make EMV dynamic authentication secure.
Python Example (TDES Key Derivation)
Would you like a real-world ARQC/ARPC log analysis exercise? Let me know!
Table of Contents
- Cryptographic Algorithms in EMV (TDES vs. AES)
- Key Hierarchy: From Master Keys to Session Keys
- Session Key Derivation Process (With Examples)
- ARQC Generation: Step-by-Step Cryptography
- ARPC Generation: How Issuer Banks Respond
- Security Implications & Attack Vectors
- Practical Testing with Python/Open-Source Tools
- Further Research & References
1. Cryptographic Algorithms in EMV (TDES vs. AES)
EMV originally used TDES (Triple DES) for ARQC/ARPC, but newer cards may use AES-128.| Algorithm | Key Size | Usage in EMV |
|---|---|---|
| TDES (3DES) | 112/168-bit | Legacy cards (most common) |
| AES-128 | 128-bit | Newer contactless (EMVCo 2.6+) |
| HMAC-SHA-256 | 256-bit | Future spec (Cloud payments) |
Why TDES is Still Dominant
- Backward compatibility with legacy terminals.
- NIST-approved until 2030 (for certain use cases).
- Simpler key derivation than AES in EMV’s scheme.
2. Key Hierarchy: From Master Keys to Session Keys
EMV uses a 3-layer key hierarchy:- ICC Master Key (IMK)
- Unique to each card (assigned by issuer).
- Stored in HSM (Hardware Security Module) at the bank.
- Never transmitted directly.
- Session Key (SK)
- Derived from IMK + ATC (Application Transaction Counter).
- Used only for one transaction.
- Prevents replay attacks.
- ARQC/ARPC Keys
- Sub-keys derived from Session Key (SK).
- Used for MAC generation (ISO 9797-1).
Code:
IMK (Issuer Master Key)
│
└──► Session Key (Derived from IMK + ATC)
│
├──► ARQC Key (for card-side MAC)
└──► ARPC Key (for issuer-side MAC)3. Session Key Derivation Process
Formula for TDES Session Key (EMV Spec)
Code:
Session Key (SK) = Encrypt(ATC || ATC || Padding, IMK)- ATC = Application Transaction Counter (2 bytes, increments per transaction).
- Padding = Fixed bytes (00 00 00 00 00 00 00 00).
Python Example (TDES Key Derivation)
Python:
from Crypto.Cipher import DES3
# ICC Master Key (IMK) – 16 bytes (112-bit 3DES)
imk = bytes.fromhex("00112233445566778899AABBCCDDEEFF")
# ATC (Application Transaction Counter) – 2 bytes
atc = bytes.fromhex("0001")
# Derive Session Key (SK)
data = atc + atc + bytes.fromhex("0000000000000000") # ATC || ATC || Padding
cipher = DES3.new(imk, DES3.MODE_ECB)
sk = cipher.encrypt(data) # 8-byte Session Key
print("Session Key:", sk.hex()) # e.g., "A1B2C3D4E5F6G7H8"AES Session Key Derivation (Newer Cards)
Code:
Session Key (SK) = AES-Encrypt(ATC || Padding, IMK)- Uses AES-128 instead of TDES.
- More secure against brute-force attacks.
4. ARQC Generation: Step-by-Step Cryptography
ARQC is a MAC (Message Authentication Code) computed using:- Session Key (SK)
- Transaction Data (Amount, UN, ATC, etc.)
- ISO 9797-1 MAC Algorithm 3 (Retail MAC)
Data Format for ARQC Computation
| Field | Size | Example |
|---|---|---|
| Amount | 6 bytes | 00 00 00 01 00 00 ($100.00) |
| Unpredictable Number (UN) | 4 bytes | 12 34 56 78 |
| ATC | 2 bytes | 00 01 |
| Other Data (PDOL) | Variable | 9F 02 06... |
Python ARQC Generation (TDES)
Python:
from Crypto.Cipher import DES3
from Crypto.Util.Padding import pad
def generate_arqc(sk, data):
cipher = DES3.new(sk, DES3.MODE_CBC, iv=b'\x00'*8)
padded_data = pad(data, 8) # Pad to 8-byte blocks
mac = cipher.encrypt(padded_data)[-8:] # Last 8 bytes = ARQC
return mac
# Example:
transaction_data = bytes.fromhex("000000010000123456780001")
arqc = generate_arqc(sk, transaction_data)
print("ARQC:", arqc.hex()) # e.g., "3A 7B C2 91 F4 05 6D E8"5. ARPC Generation: How Issuer Banks Respond
The issuer validates the ARQC and generates ARPC using:- Same Session Key (SK)
- ARQC + Auth Code (00 = approved, 01 = declined)
- Optional Proprietary Data
Python ARPC Generation
Python:
def generate_arpc(sk, arqc, auth_code="00"):
response_data = arqc + bytes.fromhex(auth_code)
cipher = DES3.new(sk, DES3.MODE_CBC, iv=b'\x00'*8)
padded_data = pad(response_data, 8)
mac = cipher.encrypt(padded_data)[-8:] # Last 8 bytes = ARPC
return mac
arpc = generate_arpc(sk, arqc, "00")
print("ARPC:", arpc.hex()) # e.g., "5E 9A 3F B2 7C 01 D4 66"6. Security Implications & Attack Vectors
Why This System is Secure
- Dynamic Session Keys (changes per transaction via ATC).
- ARQC is transaction-specific (no replay attacks).
- Issuer validates ARQC (only legitimate banks can generate ARPC).
Theoretical Attack Vectors
- IMK Extraction
- If an attacker gets the ICC Master Key, they can derive all session keys.
- Requires HSM breach or issuer insider attack.
- Weak ATC Handling
- If terminals don’t enforce ATC incrementing, replay attacks may work.
- Fault Injection
- Glitching the card to bypass ARQC generation (physical attack).
7. Practical Testing with Python/Open-Source Tools
Testing ARQC/ARPC with PyEmv
Python:
pip install pyemv
python
from pyemv import arqc
sk = bytes.fromhex("A1B2C3D4E5F6G7H8")
txn_data = bytes.fromhex("000000010000123456780001")
arqc = arqc.generate(sk, txn_data)
print("ARQC:", arqc.hex())Using ART Tool for Live Testing
- Load IST file with correct IMK.
- Send GPO command to trigger ARQC.
- Verify ARQC matches expected value.
8. Further Research & References
- EMV Book 2 (Security & Key Management)
- NIST SP 800-67 (TDES Guidelines)
- ISO 9797-1 (MAC Algorithms)
Final Summary
- TDES/AES + Session Keys make EMV secure.
- ARQC = Card’s dynamic MAC (prevents cloning).
- ARPC = Issuer’s response MAC (ensures legitimacy).
- No practical attacks without IMK compromise.
Would you like a real-world ARQC/ARPC log analysis exercise? Let me know!
